Examining the different kinds of email threats and email attack methods, this paper describes the need for a solid server-based content-checking gateway to safeguard your business against email viruses and attacks as well as information leaks.
Protecting your network against email
threats
The need for comprehensive server-based email security
This white paper explains why anti-virus software alone is not enough to protect your organization against the current and future onslaught of email viruses and threats. Examining the different kinds of email attacks and issues that threaten today's organizations, this paper describes the need for a solid server-based email security solution to safeguard your network.
WWW.GFI.COM Protecting your network against email threats . 2
Introduction This white paper explains why anti-virus software alone is not enough to protect your organization against the current and future onslaught of computer viruses. Examining the different kinds of email threats and email attack methods, this paper describes the need for a solid server-based content-checking gateway to safeguard your business against email viruses and attacks as well as information leaks.
Introduction....................................................................................................................................2 The threat of email viruses & trojans.............................................................................................2 The threat of information leaks......................................................................................................2 The threat of emails containing malicious or offensive content ....................................................3 Methods used to attack your email system ...................................................................................3 The shocking ease of creating a virus today.................................................................................4 Why anti-virus software or a firewall is not enough.......................................................................5 The solution: A proactive approach...............................................................................................5 About GFI MailSecurity for Exchange/SMTP ................................................................................5 About GFI ......................................................................................................................................6
The threat of email viruses & trojans The widespread use of email has provided hackers and crackers with an easy way to distribute harmful content to the internal network. Hackers can easily circumvent the protection offered by a firewall by tunneling through the email protocol, since it does not analyze email content.
CNN reported in January 2004 that the MyDoom virus cost companies about US$250 million in lost productivity and tech support expenses, while NetworkWorld (September 2003) cited studies that placed the cost of fighting Blaster, SoBig.F, Wechia and other email viruses at US$3.5 billion for US companies alone.
Furthermore, email is also used to install trojans, targeted specifically at your organization to obtain confidential information or gain control of your servers. Described as "instructive viruses" or "spy viruses" by computer security experts, these can be potent tools in industrial espionage. A case in point is the email attack on Microsoft's network in October 2000, which a Microsoft Corp. spokesman described as "an act of industrial espionage pure and simple". According to reports, Microsoft's network was hacked by means of a backdoor trojan virus maliciously emailed to a network user.
The threat of information leaks Organizations often fail to acknowledge that there is a great risk of crucial data being stolen from within the company. Various studies have shown how employees use email to send out
WWW.GFI.COM Protecting your network against email threats . 3
confidential corporate information. Be it because they are disgruntled and revengeful, or because they fail to realize the potentially harmful impact of such a practice, employees use email to share sensitive data that was officially intended to remain in-house.
As the 2003 Hutton enquiry in the UK demonstrated, government officials and BBC executives were found to have used email to make disclosures that were confidential. A March 1999 PC Week article ... [download for more]
